Jump to:

23490 Posts in 18996 Topics by 2878 members

General Questions

SilverStripe Forums » General Questions » PasswordValidator() not giving validation errors feedback

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 940 Views
  • socks
    Avatar
    Community Member
    190 Posts

    PasswordValidator() not giving validation errors feedback Link to this post

    I'm using PasswordValidator()
    SS 2.4

    $pwdValidator = new PasswordValidator();
    $pwdValidator->minLength(8);
    $pwdValidator->checkHistoricalPasswords(2);
    $pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));
    Member::set_password_validator($pwdValidator);

    In the CMS, when adding a new member. If the password doesn't validate, it properly gives feedback on why it didn't validate (ie "Password is too short, it must be 7 or more characters long. You need to increase the strength of your passwords by adding some of the following characters: uppercase").

    But if on the site, a member says "Lost my Password". After clicking the email reset password link, on the Change Password form. Password Validator no longer gives feedback on why the password didn't validate. All it spits out is "We couldn't accept that password %s".

    If someone can verify this issue and doesn't have a fix, I'll submit a bug report. And I'll just write the validation rules into the Security_changepassword.ss template.

    Thanks

  • Ronan
    Avatar
    Community Member
    1 Post

    Re: PasswordValidator() not giving validation errors feedback Link to this post

    Hi Socks,

    I know it's an old post, but I came across the same problem and finally figured it out.

    It's the 4 argument in characterStrength:

    $pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));

    This represents: $minScore $minScore - The minimum number of character tests that must pass

    I haven't gone into source to check what this does but my guess is it's saying you need 4 of each of the characters types specified in the array.

    I'm happy with just 1 of each so I took out the argument. I think the lack of a validation error is only for the edge case where this type of validation is used.

    940 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.